In the week that’s about to pass (June 11 - June 17) we’ve seen a lot of interesting things but, if we had to pick a particular topic that marked it, it would have to be scams and spam.
On Monday, we saw that Amazon was warning its customers about a spam campaign that posed a serious threat. Malware-spreading emails that purported to come from DHL and Best Buy have also caught our attention.
As far as LinkedIn is concerned, it’s a bit more complicated. After the security breach that affected around 6.5 million social media customers, the company started sending out notifications. Experts have found them to be troublesome since they were actually being sent out to email addresses unrelated to the affected user. Furthermore, all that spam made around 250,000 internet users mistake the real password reset alerts for unsolicited email.
This week we’ve also had the opportunity to speak to a number of experts on the topic of password security. Experts such as Graham Cluley of Sophos, Sorin Mustaca from Avira, David Barclay from Trend Micro, Ucha Gobejishvili, the hacker Gambit, and ESET’s Aryeh Goretsky have inspired us to write a comprehensive advisory on how to safely store passwords.
This week we’ve also learned that security researchers from Kaspersky have found the missing link between Stuxnet and Flame. As it turns out, Flame was first and the developers of Stuxnet may have borrowed a component to help their piece of malware spread via USB drives.
In the vulnerability section, we’ve also had some interesting stories to share. AMD responded to CERT’s notifications regarding some security issues related to video drivers. Then, we’ve learned about a dangerous vulnerability in MariaDB and MySQL, which could allow an attacker to connect to a server by using an incorrect password.
The father of Linux, Linus Torvalds, has revealed that Microsoft’s UEFI keys may be a good solution, but not one that couldn’t be bypassed by “clever hackers.”
We’ve also published the great interview we had with Adam Gowdiak of Security Explorations at this year’s Hack in the Box security conference in Amsterdam.
Other security holes worth mentioning are the ones patched by Oracle with the June 2012 Java SE CPU, an SQL Injection flaw in the website of the University of Alaska, a memory corruption issue in Firefox 13, a zero-day in Microsoft’s XML Core Services, and a privilege escalation vulnerability that affects numerous companies such as Intel, Oracle, Red Hat and many others.
A number of hackers and fraudsters have been arrested or indicted this week.
We have talked about the arrest of 10 Romanian fraudsters, the indictments of a Dutch hacker accused of selling 44,000 credit card details and of the famous Ryan Cleary, and the 106 raids conducted by German police.
Finally, in the online monitoring laws section we have the draft of the UK’s Communications Data Bill and the legislation that bans Ethiopians from using VoIP technologies.